Friday, April 20, 2007

Hackers enticed, Apple's Macintosh gets hacked in less than 12 hours

Time and time again we are told through TV commercials and personally I've had a discussion with Apple 'engineers' that Apple's operating system and the products that they make are invulnerable, or at the very least, it isn't very easy to hack into a Mac that's fully patched compared to Windows where you can find bugs in less than a day.

What they forget to tell you is, the majority of hackers are PC users. The majority of the world are PC users. Hence, it is logical that the majority of exploits, viruses, and spyware are geared towards PC users. BUT put up to the challenge, hackers can break into a Mac in weeks, days...less than 12 hours!

A New York-based security researcher spent less than 12 hours to identify and exploit a zero-day vulnerability in Apple's Safari browser that allowed him to remotely gain full user rights to the hacked machine. The feat came during the second and final day of the CanSecWest "pwn-2-own" contest in which participants are able to walk away with a fully-patched MacBook Pro if they are first able to hack it.

Picture of Shane Macaulay with back to camera sitting at MacBook in CanSecWest's pwn-2-own contestThe exploit means that Dino Dai Zovi is the rightful owner of the 2.3Ghz 15-inch MacBook Pro and a $10,000 prize offered by Tipping Point, which runs the Zero Day Initiative bug bounty program. More importantly, his work effectively throws cold water on tired claims from Apple and its many lackeys that the Mac is all but immune from the kind of security attacks more regularly perpetrated against Windows-based machines.

That's right folks, a fully patched MacBook Pro gets hacked in less than 12 hours. On a normal day, they could care less because the majority of hackers consider Apple's Macintosh operating system as a waste of time. But when you put money into the mix, sure they'll spend a few hours to break into it with ease.